Page 1 of 1

Basis vs Security Administration

PostPosted: Thu Jul 03, 2014 2:08 am
by TONI
Hi,
Does anyone have a sample SOD that you use to distinguish duties between the Basis and Security admin?? Which tasks should they be doing or not doing for that matter!!!
:?

Re: Basis vs Security Administration

PostPosted: Fri Oct 31, 2014 2:47 pm
by Gary Morris
Normally SAP Security will need many "Basis" transactions to perform system audits. Review the transaction men of the SAP delivered roles:
SAP_AUDITOR_SA
SAP_AUDITOR_SA_CCM_USR
SAP_AUDITOR_SA_CUS_TOL
However Security should have display for these transactions.

The Basis team should have most of the SAP Security transactions as well but only display. Unless you want Basis to be able to lock or unlock all users for maintenance tasks. Basis should not be able to create or change roles or create or assign users.

I started in Basis doing both Basis and Security tasks until SOX came along and I had to choose one or the other. It has been segregated in every client I have worked for since then even those that were not publicly traded companies. Just seems to be the norm now.